Figure 2-1. IA-32 System-Level Registers and Data StructuresVol. 3 2-3 SYSTEM ARCHITECTURE OVERVIEW...
Transcript of Figure 2-1. IA-32 System-Level Registers and Data StructuresVol. 3 2-3 SYSTEM ARCHITECTURE OVERVIEW...
-
Vol. 3 2-3
SYSTEM ARCHITECTURE OVERVIEW
Figure 2-1. IA-32 System-Level Registers and Data Structures
Local DescriptorTable (LDT)
EFLAGS Register
Control Registers
CR1CR2CR3CR4
CR0 Global DescriptorTable (GDT)
Interrupt DescriptorTable (IDT)
IDTR
GDTR
Interrupt Gate
Trap Gate
LDT Desc.
TSS Desc.
CodeStack
CodeStack
CodeStack
Task-StateSegment (TSS)
CodeData
Stack
Task
Interrupt Handler
Exception Handler
Protected Procedure
TSS Seg. Sel.
Call-GateSegment Selector
Dir Table OffsetLinear Address
Page Directory
Pg. Dir. Entry
Linear Address Space
Linear Addr.
0
Seg. Desc.Segment Sel.
Code, Data orStack Segment
InterruptVector
TSS Desc.
Seg. Desc.
Task Gate
CurrentTSS
Call Gate
Task-StateSegment (TSS)
CodeData
Stack
Task
Seg. Desc.
CurrentTSS
CurrentTSS
Segment Selector
Linear Address
Task Register
CR3*
Page Table
Pg. Tbl. Entry
Page
Physical Addr.
LDTR
This page mapping example is for 4-KByte pagesand the normal 32-bit physical address size.
Register
*Physical Address
Physical Address
XCR0 (XFEM)
-
Vol. 3 2-13
SYSTEM ARCHITECTURE OVERVIEW
IF Interrupt enable (bit 9) — Controls the response of the processor to maskable hardware interrupt requests (see also: Section 5.3.2, “Maskable Hardware Interrupts”). The flag is set to respond to maskable hardware interrupts; cleared to inhibit maskable hardware interrupts. The IF flag does not affect the generation of exceptions or nonmaskable interrupts (NMI interrupts). The CPL, IOPL, and the state of the VME flag in control register CR4 determine whether the IF flag can be modified by the CLI, STI, POPF, POPFD, and IRET.
IOPL I/O privilege level field (bits 12 and 13) — Indicates the I/O privilege level (IOPL) of the currently running program or task. The CPL of the currently running program or task must be less than or equal to the IOPL to access the I/O address space. This field can only be modified by the POPF and IRET instructions when operating at a CPL of 0.
The IOPL is also one of the mechanisms that controls the modification of the IF flag and the handling of interrupts in virtual-8086 mode when virtual mode extensions are in effect (when CR4.VME = 1). See also: Chapter 13, “Input/Output,” in the Intel® 64 and IA-32 Architectures Software Devel-oper’s Manual, Volume 1.
NT Nested task (bit 14) — Controls the chaining of interrupted and called tasks. The processor sets this flag on calls to a task initiated with a CALL instruction, an interrupt, or an exception. It examines and modifies this flag on returns from a task initiated with the IRET instruction. The flag can be explicitly set or cleared with the POPF/POPFD instructions; however,
Figure 2-4. System Flags in the EFLAGS Register
31 22 21 20 19 18 17 16
RF
ID
AC
VM
VM — Virtual-8086 ModeRF — Resume FlagNT — Nested Task FlagIOPL— I/O Privilege LevelIF — Interrupt Enable Flag
AC — Alignment Check
ID — Identification FlagVIP — Virtual Interrupt Pending
15 1314 12 11 10 9 8 7 6 5 4 3 2 1 0
0 CFAF
PF 1
DF
IF
TF
SF
ZF
NT 00
VIP
VIF
OF
IOPL
VIF — Virtual Interrupt Flag
TF — Trap Flag
Reserved
Reserved (set to 0)
-
2-16 Vol. 3
SYSTEM ARCHITECTURE OVERVIEW
2.4.1 Global Descriptor Table Register (GDTR)The GDTR register holds the base address (32 bits in protected mode; 64 bits in IA-32e mode) and the 16-bit table limit for the GDT. The base address specifies the linear address of byte 0 of the GDT; the table limit specifies the number of bytes in the table.
The LGDT and SGDT instructions load and store the GDTR register, respectively. On power up or reset of the processor, the base address is set to the default value of 0 and the limit is set to 0FFFFH. A new base address must be loaded into the GDTR as part of the processor initialization process for protected-mode operation.
See also: Section 3.5.1, “Segment Descriptor Tables.”
2.4.2 Local Descriptor Table Register (LDTR)The LDTR register holds the 16-bit segment selector, base address (32 bits in protected mode; 64 bits in IA-32e mode), segment limit, and descriptor attributes for the LDT. The base address specifies the linear address of byte 0 of the LDT segment; the segment limit specifies the number of bytes in the segment. See also: Section 3.5.1, “Segment Descriptor Tables.”
The LLDT and SLDT instructions load and store the segment selector part of the LDTR register, respectively. The segment that contains the LDT must have a segment descriptor in the GDT. When the LLDT instruction loads a segment selector in the LDTR: the base address, limit, and descriptor attributes from the LDT descriptor are automatically loaded in the LDTR.
When a task switch occurs, the LDTR is automatically loaded with the segment selector and descriptor for the LDT for the new task. The contents of the LDTR are not automatically saved prior to writing the new LDT information into the register.
On power up or reset of the processor, the segment selector and base address are set to the default value of 0 and the limit is set to 0FFFFH.
Figure 2-5. Memory Management Registers
047(79)
GDTRIDTR
System Table Registers
32(64)-bit Linear Base Address 16-Bit Table Limit
1516
32(64)-bit Linear Base Address
0Task
LDTR
System Segment
Seg. Sel.
15
Seg. Sel.
Segment Descriptor Registers (Automatically Loaded)
32(64)-bit Linear Base Address Segment Limit
AttributesRegisters
32(64)-bit Linear Base Address Segment LimitRegister
16-Bit Table Limit
-
Vol. 3 2-19
SYSTEM ARCHITECTURE OVERVIEW
When loading a control register, reserved bits should always be set to the values previously read. The flags in control registers are:
PG Paging (bit 31 of CR0) — Enables paging when set; disables paging when clear. When paging is disabled, all linear addresses are treated as physical addresses. The PG flag has no effect if the PE flag (bit 0 of register CR0) is not also set; setting the PG flag when the PE flag is clear causes a general-protection exception (#GP). See also: Section 3.6, “Paging (Virtual Memory) Overview.”
On Intel 64 processors, enabling and disabling IA-32e mode operation also requires modifying CR0.PG.
CD Cache Disable (bit 30 of CR0) — When the CD and NW flags are clear, caching of memory locations for the whole of physical memory in the processor’s internal (and external) caches is enabled. When the CD flag is set, caching is restricted as described in Table 10-5. To prevent the processor from accessing and updating its caches, the CD flag must be set and the caches must be invalidated so that no cache hits can occur.
Figure 2-6. Control Registers
CR1
WP
AM
Page-Directory Base
VME
PSE
TSD
DE
PVI
PGE
MCE
PAE
PCE
NW
PG
CD
PWT
PCD
Page-Fault Linear Address
PE
EM
MP
TS
NE
ET
CR2
CR0
CR4
Reserved
CR3
Reserved (set to 0)
31 2930 28 19 18 17 16 15 6 5 4 3 2 1 0
31(63) 0
31(63) 0
31(63) 12 11 5 4 3 2
31(63) 9 8 7 6 5 4 3 2 1 0
(PDBR)
13 12 11 10
OSFXSROSXMMEXCPT
VMXE
00
EXMS
1418
OSXSAVE
-
3-2 Vol. 3
PROTECTED-MODE MEMORY MANAGEMENT
segment, the segment type, and the location of the first byte of the segment in the linear address space (called the base address of the segment). The offset part of the logical address is added to the base address for the segment to locate a byte within the segment. The base address plus the offset thus forms a linear address in the processor’s linear address space.
If paging is not used, the linear address space of the processor is mapped directly into the physical address space of processor. The physical address space is defined as the range of addresses that the processor can generate on its address bus.
Because multitasking computing systems commonly define a linear address space much larger than it is economically feasible to contain all at once in physical memory, some method of “virtualizing” the linear address space is needed. This virtualization of the linear address space is handled through the processor’s paging mechanism.
Paging supports a “virtual memory” environment where a large linear address space is simulated with a small amount of physical memory (RAM and ROM) and some disk
Figure 3-1. Segmentation and Paging
Global DescriptorTable (GDT)
Linear AddressSpace
SegmentSegmentDescriptor
Offset
Logical Address
SegmentBase Address
Page
Phy. Addr.Lin. Addr.
SegmentSelector
Dir Table OffsetLinear Address
Page Table
Page Directory
Entry
Physical
Space
Entry
(or Far Pointer)
PagingSegmentation
Address
Page
-
3-4 Vol. 3
PROTECTED-MODE MEMORY MANAGEMENT
FFFF_FFF0H. RAM (DRAM) is placed at the bottom of the address space because the initial base address for the DS data segment after reset initialization is 0.
3.2.2 Protected Flat ModelThe protected flat model is similar to the basic flat model, except the segment limits are set to include only the range of addresses for which physical memory actually exists (see Figure 3-3). A general-protection exception (#GP) is then generated on any attempt to access nonexistent memory. This model provides a minimum level of hardware protection against some kinds of program bugs.
Figure 3-2. Flat Model
Figure 3-3. Protected Flat Model
Linear Address Space(or Physical Memory)
Data and
FFFFFFFFHSegment
LimitAccessBase Address
RegistersCS
SS
DS
ES
FS
GS
Code
0
Code- and Data-SegmentDescriptors
Stack
Not Present
Linear Address Space(or Physical Memory)
Data and
FFFFFFFFHSegment
LimitAccessBase Address
Registers
CS
ES
SS
DS
FS
GS
Code
0
SegmentDescriptors
LimitAccessBase Address
Memory I/O
Stack
Not Present
-
Vol. 3 3-9
PROTECTED-MODE MEMORY MANAGEMENT
If paging is not used, the processor maps the linear address directly to a physical address (that is, the linear address goes out on the processor’s address bus). If the linear address space is paged, a second level of address translation is used to trans-late the linear address into a physical address.
See also: Section 3.6, “Paging (Virtual Memory) Overview”.
3.4.1 Logical Address Translation in IA-32e ModeIn IA-32e mode, an Intel 64 processor uses the steps described above to translate a logical address to a linear address. In 64-bit mode, the offset and base address of the segment are 64-bits instead of 32 bits. The linear address format is also 64 bits wide and is subject to the canonical form requirement.
Each code segment descriptor provides an L bit. This bit allows a code segment to execute 64-bit code or legacy 32-bit code by code segment.
3.4.2 Segment SelectorsA segment selector is a 16-bit identifier for a segment (see Figure 3-6). It does not point directly to the segment, but instead points to the segment descriptor that defines the segment. A segment selector contains the following items:
Index (Bits 3 through 15) — Selects one of 8192 descriptors in the GDT or LDT. The processor multiplies the index value by 8 (the number of bytes in a segment descriptor) and adds the result to the base address of the GDT or LDT (from the GDTR or LDTR register, respectively).
Figure 3-5. Logical Address to Linear Address Translation
Offset (Effective Address)0
Base Address
Descriptor Table
SegmentDescriptor
31(63)Seg. Selector
015Logical
Address
+
Linear Address031(63)
-
3-10 Vol. 3
PROTECTED-MODE MEMORY MANAGEMENT
TI (table indicator) flag (Bit 2) — Specifies the descriptor table to use: clearing this flag selects the GDT; setting this flag selects the current LDT.
Requested Privilege Level (RPL) (Bits 0 and 1) — Specifies the privilege level of the selector. The priv-ilege level can range from 0 to 3, with 0 being the most privileged level. See Section 4.5, “Privilege Levels”, for a description of the rela-tionship of the RPL to the CPL of the executing program (or task) and the descriptor privilege level (DPL) of the descriptor the segment selector points to.
The first entry of the GDT is not used by the processor. A segment selector that points to this entry of the GDT (that is, a segment selector with an index of 0 and the TI flag set to 0) is used as a “null segment selector.” The processor does not generate an exception when a segment register (other than the CS or SS registers) is loaded with a null selector. It does, however, generate an exception when a segment register holding a null selector is used to access memory. A null selector can be used to initialize unused segment registers. Loading the CS or SS register with a null segment selector causes a general-protection exception (#GP) to be generated.
Segment selectors are visible to application programs as part of a pointer variable, but the values of selectors are usually assigned or modified by link editors or linking loaders, not application programs.
3.4.3 Segment RegistersTo reduce address translation time and coding complexity, the processor provides registers for holding up to 6 segment selectors (see Figure 3-7). Each of these segment registers support a specific kind of memory reference (code, stack, or data). For virtually any kind of program execution to take place, at least the code-segment (CS), data-segment (DS), and stack-segment (SS) registers must be loaded with valid segment selectors. The processor also provides three additional data-segment registers (ES, FS, and GS), which can be used to make additional data segments available to the currently executing program (or task).
Figure 3-6. Segment Selector
15 3 2 1 0TIIndex
Table Indicator 0 = GDT 1 = LDTRequested Privilege Level (RPL)
RPL
-
Vol. 3 3-13
PROTECTED-MODE MEMORY MANAGEMENT
3.4.5 Segment DescriptorsA segment descriptor is a data structure in a GDT or LDT that provides the processor with the size and location of a segment, as well as access control and status informa-tion. Segment descriptors are typically created by compilers, linkers, loaders, or the operating system or executive, but not application programs. Figure 3-8 illustrates the general descriptor format for all types of segment descriptors.
The flags and fields in a segment descriptor are as follows:
Segment limit field Specifies the size of the segment. The processor puts together the two segment limit fields to form a 20-bit value. The processor inter-prets the segment limit in one of two ways, depending on the setting of the G (granularity) flag:
• If the granularity flag is clear, the segment size can range from 1 byte to 1 MByte, in byte increments.
• If the granularity flag is set, the segment size can range from 4 KBytes to 4 GBytes, in 4-KByte increments.
The processor uses the segment limit in two different ways, depending on whether the segment is an expand-up or an expand-down segment. See Section 3.4.5.1, “Code- and Data-Segment Descriptor Types”, for more information about segment types. For expand-up segments, the offset in a logical address can range from 0
Figure 3-8. Segment Descriptor
31 24 23 22 21 20 19 16 15 1314 12 11 8 7 0
PBase 31:24 GDPL
TypeSL 4
31 16 15 0
Base Address 15:00 Segment Limit 15:00 0
Base 23:16D/B
AVL
Seg.Limit19:16
G — GranularityLIMIT — Segment LimitP — Segment presentS — Descriptor type (0 = system; 1 = code or data)TYPE — Segment type
DPL — Descriptor privilege level
AVL — Available for use by system softwareBASE — Segment base addressD/B — Default operation size (0 = 16-bit segment; 1 = 32-bit segment)
L — 64-bit code segment (IA-32e mode only)
-
Vol. 3 3-17
PROTECTED-MODE MEMORY MANAGEMENT
Stack segments are data segments which must be read/write segments. Loading the SS register with a segment selector for a nonwritable data segment generates a general-protection exception (#GP). If the size of a stack segment needs to be changed dynamically, the stack segment can be an expand-down data segment (expansion-direction flag set). Here, dynamically changing the segment limit causes stack space to be added to the bottom of the stack. If the size of a stack segment is intended to remain static, the stack segment may be either an expand-up or expand-down type.
The accessed bit indicates whether the segment has been accessed since the last time the operating-system or executive cleared the bit. The processor sets this bit whenever it loads a segment selector for the segment into a segment register, assuming that the type of memory that contains the segment descriptor supports processor writes. The bit remains set until explicitly cleared. This bit can be used both for virtual memory management and for debugging.
Table 3-1. Code- and Data-Segment Types
Type Field DescriptorType
Description
Decimal 11 10E
9W
8A
0 0 0 0 0 Data Read-Only
1 0 0 0 1 Data Read-Only, accessed
2 0 0 1 0 Data Read/Write
3 0 0 1 1 Data Read/Write, accessed
4 0 1 0 0 Data Read-Only, expand-down
5 0 1 0 1 Data Read-Only, expand-down, accessed
6 0 1 1 0 Data Read/Write, expand-down
7 0 1 1 1 Data Read/Write, expand-down, accessed
C R A
8 1 0 0 0 Code Execute-Only
9 1 0 0 1 Code Execute-Only, accessed
10 1 0 1 0 Code Execute/Read
11 1 0 1 1 Code Execute/Read, accessed
12 1 1 0 0 Code Execute-Only, conforming
13 1 1 0 1 Code Execute-Only, conforming, accessed
14 1 1 1 0 Code Execute/Read, conforming
15 1 1 1 1 Code Execute/Read, conforming, accessed
-
Vol. 3 3-19
PROTECTED-MODE MEMORY MANAGEMENT
• Task-state segment (TSS) descriptor.• Call-gate descriptor.• Interrupt-gate descriptor.• Trap-gate descriptor.• Task-gate descriptor.These descriptor types fall into two categories: system-segment descriptors and gate descriptors. System-segment descriptors point to system segments (LDT and TSS segments). Gate descriptors are in themselves “gates,” which hold pointers to proce-dure entry points in code segments (call, interrupt, and trap gates) or which hold segment selectors for TSS’s (task gates).
Table 3-2 shows the encoding of the type field for system-segment descriptors and gate descriptors. Note that system descriptors in IA-32e mode are 16 bytes instead of 8 bytes.
Table 3-2. System-Segment and Gate-Descriptor Types
Type Field Description
Decimal 11 10 9 8 32-Bit Mode IA-32e Mode
0 0 0 0 0 Reserved Upper 8 byte of an 16-byte descriptor
1 0 0 0 1 16-bit TSS (Available) Reserved
2 0 0 1 0 LDT LDT
3 0 0 1 1 16-bit TSS (Busy) Reserved
4 0 1 0 0 16-bit Call Gate Reserved
5 0 1 0 1 Task Gate Reserved
6 0 1 1 0 16-bit Interrupt Gate Reserved
7 0 1 1 1 16-bit Trap Gate Reserved
8 1 0 0 0 Reserved Reserved
9 1 0 0 1 32-bit TSS (Available) 64-bit TSS (Available)
10 1 0 1 0 Reserved Reserved
11 1 0 1 1 32-bit TSS (Busy) 64-bit TSS (Busy)
12 1 1 0 0 32-bit Call Gate 64-bit Call Gate
13 1 1 0 1 Reserved Reserved
14 1 1 1 0 32-bit Interrupt Gate 64-bit Interrupt Gate
15 1 1 1 1 32-bit Trap Gate 64-bit Trap Gate
-
3-20 Vol. 3
PROTECTED-MODE MEMORY MANAGEMENT
See also: Section 3.5.1, “Segment Descriptor Tables”, and Section 6.2.2, “TSS Descriptor” (for more information on the system-segment descriptors); see Section 4.8.3, “Call Gates”, Section 5.11, “IDT Descriptors”, and Section 6.2.5, “Task-Gate Descriptor” (for more information on the gate descriptors).
3.5.1 Segment Descriptor TablesA segment descriptor table is an array of segment descriptors (see Figure 3-10). A descriptor table is variable in length and can contain up to 8192 (213) 8-byte descrip-tors. There are two kinds of descriptor tables:
• The global descriptor table (GDT)• The local descriptor tables (LDT)
Figure 3-10. Global and Local Descriptor Tables
SegmentSelector
GlobalDescriptor
T
First Descriptor inGDT is Not Used
TI = 0I
56
40
48
32
24
16
8
0
TI = 1
56
40
48
32
24
16
8
0
Table (GDT)
LocalDescriptor
Table (LDT)
Base AddressLimit
GDTR Register LDTR Register
Base AddressSeg. Sel.
Limit
-
3-22 Vol. 3
PROTECTED-MODE MEMORY MANAGEMENT
3.5.2 Segment Descriptor Tables in IA-32e ModeIn IA-32e mode, a segment descriptor table can contain up to 8192 (213) 8-byte descriptors. An entry in the segment descriptor table can be 8 bytes. System descrip-tors are expanded to 16 bytes (occupying the space of two entries).
GDTR and LDTR registers are expanded to hold 64-bit base address. The corre-sponding pseudo-descriptor is 80 bits. (see the bottom diagram in Figure 3-11).
The following system descriptors expand to 16 bytes:
— Call gate descriptors (see Section 4.8.3.1, “IA-32e Mode Call Gates”)
— IDT gate descriptors (see Section 5.14.1, “64-Bit Mode IDT”)
— LDT and TSS descriptors (see Section 6.2.3, “TSS Descriptor in 64-bit mode”).
3.6 PAGING (VIRTUAL MEMORY) OVERVIEWWhen operating in protected mode, IA-32 architecture permits linear address space to be mapped directly into a large physical memory (for example, 4 GBytes of RAM) or indirectly (using paging) into a smaller physical memory and disk storage. This latter method of mapping the linear address space is referred to as virtual memory or demand-paged virtual memory.
When paging is used, the processor divides the linear address space into fixed-size pages (of 4 KBytes, 2 MBytes, or 4 MBytes in length) that can be mapped into phys-ical memory and/or disk storage. When a program (or task) references a logical address in memory, the processor translates the address into a linear address and then uses its paging mechanism to translate the linear address into a corresponding physical address.
If the page containing the linear address is not currently in physical memory, the processor generates a page-fault exception (#PF). The exception handler for the page-fault exception typically directs the operating system or executive to load the page from disk storage into physical memory (perhaps writing a different page from physical memory out to disk in the process). When the page has been loaded in phys-ical memory, a return from the exception handler causes the instruction that gener-
Figure 3-11. Pseudo-Descriptor Formats
032-bit Base Address Limit
47 1516
064-bit Base Address Limit
79 1516
-
3-26 Vol. 3
PROTECTED-MODE MEMORY MANAGEMENT
3.7.1 Linear Address Translation (4-KByte Pages)Figure 3-12 shows the page directory and page-table hierarchy when mapping linear addresses to 4-KByte pages. The entries in the page directory point to page tables, and the entries in a page table point to pages in physical memory. This paging method can be used to address up to 220 pages, which spans a linear address space of 232 bytes (4 GBytes).
To select the various table entries, the linear address is divided into three sections:
• Page-directory entry — Bits 22 through 31 provide an offset to an entry in the page directory. The selected entry provides the base physical address of a page table.
• Page-table entry — Bits 12 through 21 of the linear address provide an offset to an entry in the selected page table. This entry provides the base physical address of a page in physical memory.
• Page offset — Bits 0 through 11 provides an offset to a physical address in the page.
Memory management software has the option of using one page directory for all programs and tasks, one page directory for each task, or some combination of the two.
Figure 3-12. Linear Address Translation (4-KByte Pages)
0Directory Table Offset
Page Directory
Directory Entry
CR3 (PDBR)
Page Table
Page-Table Entry
4-KByte Page
Physical Address
31 21 111222Linear Address
1024 PDE ∗ 1024 PTE = 220 Pages32*
10
12
10
*32 bits aligned onto a 4-KByte boundary.
20
-
Vol. 3 3-29
PROTECTED-MODE MEMORY MANAGEMENT
addresses are being used. The functions of the flags and fields in the entries in Figures 3-14 and 3-15 are as follows:
Page base address, bits 12 through 32 (Page-table entries for 4-KByte pages) — Specifies the physical address of the first byte of a 4-KByte page. The bits in this field are interpreted as the 20 most-significant bits of the physical address, which forces pages to be aligned on 4-KByte boundaries.
(Page-directory entries for 4-KByte page tables) — Specifies the physical address of the first byte of a page table. The bits in this field
Figure 3-14. Format of Page-Directory and Page-Table Entries for 4-KByte Pages and 32-Bit Physical Addresses
31
Available for system programmer’s useGlobal page (Ignored)Page size (0 indicates 4 KBytes)Available
12 11 9 8 7 6 5 4 3 2 1 0
PS
PCA
AccessedCache disabledWrite-throughUser/SupervisorRead/WritePresent
DP
PWT
U/S
R/
WGAvailPage-Table Base Address
31
Available for system programmer’s useGlobal PagePage Table Attribute IndexDirty
12 11 9 8 7 6 5 4 3 2 1 0
PCAD
AccessedCache DisabledWrite-ThroughUser/SupervisorRead/WritePresent
DP
PWT
U/S
R/
WAvailPage Base Address
Page-Directory Entry (4-KByte Page Table)
Page-Table Entry (4-KByte Page)
PAT
G
AVL
-
Vol. 3 6-5
TASK MANAGEMENT
The processor updates dynamic fields when a task is suspended during a task switch. The following are dynamic fields:
• General-purpose register fields — State of the EAX, ECX, EDX, EBX, ESP, EBP, ESI, and EDI registers prior to the task switch.
• Segment selector fields — Segment selectors stored in the ES, CS, SS, DS, FS, and GS registers prior to the task switch.
• EFLAGS register field — State of the EFAGS register prior to the task switch.
Figure 6-2. 32-Bit Task-State Segment (TSS)
031
100
96
92
88
84
80
76
I/O Map Base Address
15
LDT Segment Selector
GS
FS
DS
SS
CS
72
68
64
60
56
52
48
44
40
36
32
28
24
20
SS2
16
12
8
4
0
SS1
SS0
ESP0
Previous Task Link
ESP1
ESP2
CR3 (PDBR)
T
ES
EDI
ESIEBP
ESP
EBX
EDX
ECX
EAX
EFLAGS
EIP
Reserved bits. Set to 0.
Reserved
Reserved
Reserved
Reserved
Reserved
Reserved
ReservedReserved
Reserved
Reserved
Reserved
Reserved
-
Vol. 3 6-7
TASK MANAGEMENT
• Task switches are carried out faster if the pages containing these structures are present in memory before the task switch is initiated.
6.2.2 TSS DescriptorThe TSS, like all other segments, is defined by a segment descriptor. Figure 6-3 shows the format of a TSS descriptor. TSS descriptors may only be placed in the GDT; they cannot be placed in an LDT or the IDT.
An attempt to access a TSS using a segment selector with its TI flag set (which indi-cates the current LDT) causes a general-protection exception (#GP) to be generated during CALLs and JMPs; it causes an invalid TSS exception (#TS) during IRETs. A general-protection exception is also generated if an attempt is made to load a segment selector for a TSS into a segment register.
The busy flag (B) in the type field indicates whether the task is busy. A busy task is currently running or suspended. A type field with a value of 1001B indicates an inac-tive task; a value of 1011B indicates a busy task. Tasks are not recursive. The processor uses the busy flag to detect an attempt to call a task whose execution has been interrupted. To insure that there is only one busy flag is associated with a task, each TSS should have only one TSS descriptor that points to it.
The base, limit, and DPL fields and the granularity and present flags have functions similar to their use in data-segment descriptors (see Section 3.4.5, “Segment Descriptors”). When the G flag is 0 in a TSS descriptor for a 32-bit TSS, the limit field must have a value equal to or greater than 67H, one byte less than the minimum size
Figure 6-3. TSS Descriptor
31 24 23 22 21 20 19 16 15 1314 12 11 8 7 0
PBase 31:24 GDPL
Type
00
31 16 15 0
Base Address 15:00 Segment Limit 15:00
Base 23:16AVL
Limit19:160
1B01
TSS Descriptor
AVLBBASEDPLG
Available for use by system softwareBusy flagSegment Base AddressDescriptor Privilege LevelGranularity
LIMITPTYPE
Segment LimitSegment PresentSegment Type
0
4
-
Vol. 3 6-11
TASK MANAGEMENT
6.2.5 Task-Gate DescriptorA task-gate descriptor provides an indirect, protected reference to a task (see Figure 6-6). It can be placed in the GDT, an LDT, or the IDT. The TSS segment selector field in a task-gate descriptor points to a TSS descriptor in the GDT. The RPL in this segment selector is not used.
The DPL of a task-gate descriptor controls access to the TSS descriptor during a task switch. When a program or procedure makes a call or jump to a task through a task gate, the CPL and the RPL field of the gate selector pointing to the task gate must be less than or equal to the DPL of the task-gate descriptor. Note that when a task gate is used, the DPL of the destination TSS descriptor is not used.
A task can be accessed either through a task-gate descriptor or a TSS descriptor. Both of these structures satisfy the following needs:
• Need for a task to have only one busy flag — Because the busy flag for a task is stored in the TSS descriptor, each task should have only one TSS descriptor. There may, however, be several task gates that reference the same TSS descriptor.
• Need to provide selective access to tasks — Task gates fill this need, because they can reside in an LDT and can have a DPL that is different from the TSS descriptor's DPL. A program or procedure that does not have sufficient privilege to access the TSS descriptor for a task in the GDT (which usually has a DPL of 0) may be allowed access to the task through a task gate with a higher DPL. Task gates give the operating system greater latitude for limiting access to specific tasks.
• Need for an interrupt or exception to be handled by an independent task — Task gates may also reside in the IDT, which allows interrupts and exceptions
Figure 6-6. Task-Gate Descriptor
31 16 15 1314 12 11 8 7 0
PDPL
Type
0
31 16 15 0
TSS Segment Selector
1010
DPLPTYPE
Descriptor Privilege LevelSegment PresentSegment Type
4
0Reserved
ReservedReserved
/ColorImageDict > /JPEG2000ColorACSImageDict > /JPEG2000ColorImageDict > /AntiAliasGrayImages false /CropGrayImages true /GrayImageMinResolution 300 /GrayImageMinResolutionPolicy /OK /DownsampleGrayImages true /GrayImageDownsampleType /Bicubic /GrayImageResolution 300 /GrayImageDepth -1 /GrayImageMinDownsampleDepth 2 /GrayImageDownsampleThreshold 1.50000 /EncodeGrayImages true /GrayImageFilter /DCTEncode /AutoFilterGrayImages true /GrayImageAutoFilterStrategy /JPEG /GrayACSImageDict > /GrayImageDict > /JPEG2000GrayACSImageDict > /JPEG2000GrayImageDict > /AntiAliasMonoImages false /CropMonoImages true /MonoImageMinResolution 1200 /MonoImageMinResolutionPolicy /OK /DownsampleMonoImages true /MonoImageDownsampleType /Bicubic /MonoImageResolution 1200 /MonoImageDepth -1 /MonoImageDownsampleThreshold 1.50000 /EncodeMonoImages true /MonoImageFilter /CCITTFaxEncode /MonoImageDict > /AllowPSXObjects false /CheckCompliance [ /None ] /PDFX1aCheck false /PDFX3Check false /PDFXCompliantPDFOnly false /PDFXNoTrimBoxError true /PDFXTrimBoxToMediaBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXSetBleedBoxToMediaBox true /PDFXBleedBoxToTrimBoxOffset [ 0.00000 0.00000 0.00000 0.00000 ] /PDFXOutputIntentProfile () /PDFXOutputConditionIdentifier () /PDFXOutputCondition () /PDFXRegistryName () /PDFXTrapped /False
/Description > /Namespace [ (Adobe) (Common) (1.0) ] /OtherNamespaces [ > /FormElements false /GenerateStructure false /IncludeBookmarks false /IncludeHyperlinks false /IncludeInteractive false /IncludeLayers false /IncludeProfiles false /MultimediaHandling /UseObjectSettings /Namespace [ (Adobe) (CreativeSuite) (2.0) ] /PDFXOutputIntentProfileSelector /DocumentCMYK /PreserveEditing true /UntaggedCMYKHandling /LeaveUntagged /UntaggedRGBHandling /UseDocumentProfile /UseDocumentBleed false >> ]>> setdistillerparams> setpagedevice